Heap Overflow

Traditionally, a HeapOverflow is a BufferOverflow that doesn't occur on the execution stack (such as in a frame-allocated buffer in C) but instead occurs off in TheHeap, where people malloc data. HeapOverflows are not as immediately harmful in the typical case, since it's often quite difficult to rewrite the entire heap AND stack so that the program becomes hijacked. However, HeapOverflows are still ConsideredHarmful and are often used as part of the more difficult exploits as a place to put ShellCode? in memory. A BufferOverflow usually follows, causing the affected program to jump to the previously inserted code.

HeapOverflows happen all the time, and they can often be very hard to pin down because their deleterious side effects occur in data that may not get used until billions or trillions of machine cycles later.

In some "lucky" cases, they may merely overwrite uninitialized data beyond the end of a dynamically-allocated array, which isn't in use yet, in which case no behavioral error is visible at all. Until the code changes, memory layout shifts, and suddenly the (very old, by then) erroneous write smashes critical data, turning the lucky case into an exceedingly unlucky and hard to find error.


Heap overflow might mean ran out of heap. That's a bit worse than ran out of stack if you aren't prepared for it.


EditText of this page (last edited November 13, 2014) or FindPage with title or text search